
Blumira Launches Kindling Pilot, Cuts Alerts By 30-50x Through Agentic Auto-Triage

ANN ARBOR, Mich.--(BUSINESS WIRE)--Blumira, the security operations platform for growing teams and partners, today announced the pilot launch of Kindling, the only agentic SIEM investigation engine for the modern SOC that uses complete context correlation across workspace and platform.

For overloaded teams trying to keep pace with the ever-changing threat landscape, Kindling delivers unmatched threat context powered by eight years of detection data, a full-year log retention baseline, and cohort-wide analysis. Kindling operates through a two-stage analysis that uses weighted scoring to send only verified, actionable case alerts, along with evidence timelines and clear next steps, with end-to-end coverage across cloud, network, endpoint, and identity. Kindling surfaces threats at every stage of an attack before adversaries can advance. For security teams, this translates to a reduction of up to 30-50x in alerts without missing threats.

Kindling reviews each new finding and dynamically weighs its severity, the behavioral baseline for the environment, and how similar organizations resolved the same finding before. When the threshold for creating a case is met, responders logging in will see a complete analysis, a detailed attack chain and graph view showing the identities and assets affected, and what to do next.

“Kindling takes the guesswork out of security. With attackers moving faster than ever, a three-person IT team can't afford to manually sort through alerts,” said Matt Warner, CEO of Blumira. “Kindling replaces a finding to-do list with actionable cases and tells you what's critical, so even lean security teams can have the contextual signal they need to triage, investigate, and remediate without manual overhead.”

“I love that Kindling aggregates data across all of our clients without obscuring it. Even in our short time with it, it's narrowing our focus to what needs immediate resolution,” said Matt Timm, Network Operations Center Team Lead at TR Computer Sales. “On a good day, we'd see 30 to 40 findings come in. After just one week with Kindling, we're down to 11 cases. It's remarkable to see that kind of consolidation.”

Answers Over Alerts

Hallucinations and vague outputs have no place in SOC environments. Blumira validated Kindling against 2,000+ real-world incidents resolved with their support teams. The result: a 98.5% auto-triage accuracy rate, achieved through deterministic investigation and a three-judge AI consensus. Of the remaining margin, 99% surfaced as alerts rather than false negatives because a missed threat is never an acceptable outcome:

  • Better context in, smarter answers out: Blumira’s SIEM roots provide unparalleled context correlation: eight years of detection data, a rolling organizational baseline window backed by a year of full-fidelity log retention, plus platform-wide cohort comparison for a complete analysis.
  • Verdicts you can verify: Kindling runs a two-stage review, combining deterministic scoring and human-in-the-loop analysis, creating an alert only when a correlated case needs response. Every case shows a weighted score and calculated reasoning, evidence with a timeline of any related findings, and what needs to happen next.
  • End-to-end workspace security: Kindling works with data already ingested on the Blumira platform across cloud, network, endpoint, and identity resources. Threats don’t just live at the endpoint, and complete coverage can flag malicious activity before an attacker gains a foothold.

For MSPs supporting multiple client environments, the Kindling MSP dashboard makes it easy for providers to have top-down visibility into status and scale across every portfolio account, along with active cases and trends needing review. It benchmarks security posture against similar orgs to help providers improve defenses and prioritize preventative work, and provides reporting to demonstrate client value, including an incident timeline report and estimated costs saved.

The dashboard is available at pilot launch and is part of Blumira’s commitment to being the best security operations platform for MSPs, following an improved ConnectWise integration shipped in March and an Autotask integration releasing this month, so that cases and tickets flow into the tools where MSP teams already run their business.

Kindling is available now in pilot to Blumira customers and partners. To request access, visit www.blumira.com/kindling

About Blumira

Blumira is a leading provider of security operations solutions designed to make enterprise-grade security accessible to organizations of all sizes. The company's mission is to eliminate the complexity and resource barriers that prevent effective security operations. With expert-built detection rules, 24/7 security operations support, and cutting-edge automation technology, Blumira empowers IT teams and managed service providers to detect, investigate, and respond to security threats with confidence. For more information, visit www.blumira.com.

Contacts

Media Contact
Zoe Lindsey, Sr. Director of Messaging
Press@Blumira.com
